Organized crime rings are using brains, not brawn, to target small
businesses and steal critical data. Protect your business by putting
these 11 security measures into place.
Organized crime has always been known to be all about muscle…but even
the bad guys have evolved. It seems organized crime syndicates have
discovered that more money can be made in less time, with less hassle
simply by employing brains over brawn.
As technology and technology skills have evolved, it’s become
painfully easy to employ hackers to break into small businesses’
networks and seek out sensitive data and personal information.
- Consumer Reports Tests Show Apple's iPhone 6 Not As Bendy As... +55,014 views in last 24 hours
- Why Bendgate Matters For iPhone 6 Plus Users And Apple's Supply... +81,556 views in last 24 hours
- 50 Influential CMOs On Social Media Active on Facebook
- Motivating Employees Has Everything To Do With Giving Them Feelings Of... Active on LinkedIn
- Scotland's Independence Campaign So Isn't Over. Active on Facebook
ForbesBrandVoice
Connecting marketers to the Forbes audience. What is this?
Business 120 views
Protecting your business's data from organized crime
Salesforce Contributor
, Salesforce
Comment Now
Follow Comments
By Robert Siciliano
Organized crime rings are using brains, not brawn, to target small businesses and steal critical data. Protect your business by putting these 11 security measures into place.
Organized crime has always been known to be all about muscle…but even the bad guys have evolved. It seems organized crime syndicates have discovered that more money can be made in less time, with less hassle simply by employing brains over brawn.
As technology and technology skills have evolved, it’s become painfully easy to employ hackers to break into small businesses’ networks and seek out sensitive data and personal information.
Programmers: skilled technicians who write and code viruses that target a business’s network PCs.
Carders: specialists in distributing and selling stolen card data and sometimes transferring data onto blank “white cards” then embossing them with foil in order to create exact clones.
Hackers: black-hat intruders who look for and exploit vulnerabilities in networks.
Social engineers: scammers who may work with psychologists who dream up the different scams and then con victims via phone, phishing or in person.
Rogue systems providers: unethical businesses that provide servers for criminals.
Money mules: often drug addicts or naïve Americans who buy items at retailers with stolen credit cards. Some mules ship products, and others launder money. Mules may be from a foreign crime syndicate’s nation and travel to the U.S. to gain employment within an organization and open bank accounts to store money until transfer.
Bosses: in charge of the entire operation. Bosses delegate, hire talent and make all the money.
Vulnerabilities may be physical, as in facilities vulnerable to intrusion, or may be people who are vulnerable to social engineering. Virtual vulnerabilities exist in a business’s Internet connection (whether wired or wireless), an outdated browser or an outdated operating system—any of which may be vulnerable if they don’t have updated security patches. Vulnerabilities can also be exposed via social engineering: A criminal simply gets on the phone, sends an email or shows up in person and cons a target using any of a variety of methods.
There are two considerations small businesses must take into account that go beyond a low-budget, “do it yourself” mentality:
1. Data loss prevention and risk assessment software. This type of software monitors an entire network’s activities and behaviors to seek out events that might lead to a breach and then stop them before data loss.
2. Penetration testers. These are white-hat hackers who use similar tools as black hats to seek out vulnerabilities and exploit those vulnerabilities as far as they’re allowed by the client. They might use automated tools to seek technology vulnerabilities, or employ virtual or physical social engineering. For instance, some penetration testers will test the physical security of a building during or after hours. Penetration testing involves real-world attacks that have been proven to work elsewhere, along with seeking out flaws in a business’s networks.
The worst thing any small business can do is nothing. Failure to test your networks and put layers of security in place will inevitably result in a breach. Forewarned is forearmed.
Organized crime rings are using brains, not brawn, to target small businesses and steal critical data. Protect your business by putting these 11 security measures into place.
Organized crime has always been known to be all about muscle…but even the bad guys have evolved. It seems organized crime syndicates have discovered that more money can be made in less time, with less hassle simply by employing brains over brawn.
As technology and technology skills have evolved, it’s become painfully easy to employ hackers to break into small businesses’ networks and seek out sensitive data and personal information.
Programmers: skilled technicians who write and code viruses that target a business’s network PCs.
Carders: specialists in distributing and selling stolen card data and sometimes transferring data onto blank “white cards” then embossing them with foil in order to create exact clones.
Hackers: black-hat intruders who look for and exploit vulnerabilities in networks.
Social engineers: scammers who may work with psychologists who dream up the different scams and then con victims via phone, phishing or in person.
Rogue systems providers: unethical businesses that provide servers for criminals.
Money mules: often drug addicts or naïve Americans who buy items at retailers with stolen credit cards. Some mules ship products, and others launder money. Mules may be from a foreign crime syndicate’s nation and travel to the U.S. to gain employment within an organization and open bank accounts to store money until transfer.
Bosses: in charge of the entire operation. Bosses delegate, hire talent and make all the money.
Why Target Small Businesses?
Organized criminal hackers all over the world use sophisticated hacking tools to penetrate databases that house a small business’s client data. In general, they’re seeking:- Social Security numbers
- Credit card numbers
- Bank account information
- Home and business addresses
- Birth dates
- Email addresses
How Hackers Hack
Hackers are the bad guys who use penetration-testing tools—both legal and illegal—that are available commercially or only available on the black market. Their tools come in different forms of hardware and software that seek out vulnerabilities within a small business’s network.Vulnerabilities may be physical, as in facilities vulnerable to intrusion, or may be people who are vulnerable to social engineering. Virtual vulnerabilities exist in a business’s Internet connection (whether wired or wireless), an outdated browser or an outdated operating system—any of which may be vulnerable if they don’t have updated security patches. Vulnerabilities can also be exposed via social engineering: A criminal simply gets on the phone, sends an email or shows up in person and cons a target using any of a variety of methods.
Protecting Your Data
There are plenty of ways to get taken. But there are also plenty of ways not to. The fundamentals of protecting your business’s data include:- Maintaining updated operating systems, including critical security patches
- Installing and running antivirus, antispyware and antiphising software and a firewall
- Keeping browsers updated with the latest version
- Updating all system software, including Java and Adobe
- Locking down wireless Internet with encryption
- Setting up administrative rights and restricting software, such as peer-to-peer file sharing, from being installed without rights
- Utilizing filtering that controls who has access to what kind of data
- Utilizing Internet filters to block access to restricted sites that may allow employees or hackers to upload data to Cloud-based storage
- Possible disabling or removing USB ports to prevent the downloading of malicious data
- Incorporating strict password policies
- Encrypting files, folders and entire drives
There are two considerations small businesses must take into account that go beyond a low-budget, “do it yourself” mentality:
1. Data loss prevention and risk assessment software. This type of software monitors an entire network’s activities and behaviors to seek out events that might lead to a breach and then stop them before data loss.
2. Penetration testers. These are white-hat hackers who use similar tools as black hats to seek out vulnerabilities and exploit those vulnerabilities as far as they’re allowed by the client. They might use automated tools to seek technology vulnerabilities, or employ virtual or physical social engineering. For instance, some penetration testers will test the physical security of a building during or after hours. Penetration testing involves real-world attacks that have been proven to work elsewhere, along with seeking out flaws in a business’s networks.
The worst thing any small business can do is nothing. Failure to test your networks and put layers of security in place will inevitably result in a breach. Forewarned is forearmed.
